---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elasticsearch
---
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  labels:
    component: elasticsearch
spec:
  type: NodePort
  selector:
    component: elasticsearch
  ports:
  - name: http
    port: 9200
    protocol: TCP
  - name: transport
    port: 9300
    protocol: TCP
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: es
  labels:
    component: elasticsearch
spec:
  replicas: 1
  template:
    metadata:
      labels:
        component: elasticsearch
    spec:
      serviceAccount: elasticsearch
      initContainers:
      - name: init-sysctl
        image: docker.io/library/busybox:1.31.1
        imagePullPolicy: IfNotPresent
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      containers:
      - name: es
        securityContext:
          capabilities:
            add:
              - IPC_LOCK
        image: quay.io/pires/docker-elasticsearch-kubernetes:5.6.2
        env:
        - name: KUBERNETES_CA_CERTIFICATE_FILE
          value: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: "CLUSTER_NAME"
          value: "myesdb"
        - name: "DISCOVERY_SERVICE"
          value: "elasticsearch"
        - name: NODE_MASTER
          value: "true"
        - name: NODE_DATA
          value: "true"
        - name: HTTP_ENABLE
          value: "true"
        ports:
        - containerPort: 9200
          name: http
          protocol: TCP
        - containerPort: 9300
          name: transport
          protocol: TCP
        volumeMounts:
        - mountPath: /data
          name: storage
      volumes:
      - name: storage
        emptyDir: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: elasticsearch
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: elasticsearch
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: elasticsearch
subjects:
- kind: ServiceAccount
  name: elasticsearch
  namespace: default
---
apiVersion: v1
kind: Pod
metadata:
  name: outpost
  labels:
    app: outpost
spec:
  containers:
  - name: esclient
    image: docker.io/cilium/esclient:v2 
---
apiVersion: v1
kind: Pod
metadata:
  name: empire-hq
  labels:
    app: empire-hq
spec:
  containers:
  - name: esclient
    image: docker.io/cilium/esclient:v2 
---
apiVersion: v1
kind: Pod
metadata:
  name: spaceship
  labels:
    app: spaceship
spec:
  containers:
  - name: esclient
    image: docker.io/cilium/esclient:v2

